<!DOCTYPE html>
<html lang="zh-cn">
<head>
	<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
	<title>
OpenLDAP添加Schema（Ubuntu） | 
穷折腾</title>
	<link rel="stylesheet" href="/static/css/style.css" />
	<link rel="stylesheet" href="/static/css/pygments.css" />
	<link rel="alternate" type="application/rss+xml" title="RSS" href="http://zqqf16.info/rss.xml" />
	
</head>
<body>
    <div id="container">
      <div id="main" role="main">
        <header>
		<h1>
OpenLDAP添加Schema（Ubuntu）
</h1>
		</header>

     <nav>
		<span><a title="home page" class="" href="/">home</a></span>
        <span><a href="/pages/about.html" title="关于">关于</a></span>
     </nav>

     <article class="content">
        <section class="post">
            
		<h2>前言</h2>

<p>工作中遇到了需要给LDAP添加自定义字段的情况，介于公司中此技艺已经失传，只能自己来了。</p>

<p>网络上很多流传的教程都太老了，不是很适用。Ubuntu8.10以及之后的系统倾向于用slapd-config的各种工具来配置sladp，而不是之前的直接修改文件的方法。</p>

<p>用sldap-config来添加Schema可以总结为以下几步：</p>

<ol>
<li>创建Schema文件</li>
<li>将Schema转换成ldif格式文件</li>
<li>将ldif文件内容导入</li>
</ol>

<h2>具体步骤</h2>

<ol>
<li><p>编辑Schema文件，保存为<code>test.schema</code></p>

<pre><code>objectIdentifier testOID 1.1.1.1
objectIdentifier testAttr testOID:1
objectIdentifier testObject testOID:2

attributetype ( testAttr
    NAME 'testattr'
    DESC 'Test attribute'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectclass ( testObject
    NAME 'testObject'
    DESC 'Just for test'
    AUXILIARY
    MAY (testattr))
</code></pre></li>
<li><p>创建文件<code>tmp.conf</code>,加入以下内容</p>

<pre><code>include test.schema
</code></pre></li>
<li><p>创建目录<code>ldif_dir</code></p>

<pre><code>$mkdir ldif_dir
</code></pre></li>
<li><p>生成‘ldif’文件</p>

<pre><code>$slaptest -f tmp.conf -F ldif_dir
</code></pre>

<p>ldif目录结构如下：</p>

<pre><code>.
|-- cn=config
|   |-- cn=schema
|   |   `-- cn={0}test.ldif
|   |-- cn=schema.ldif
|   |-- olcDatabase={0}config.ldif
|   `-- olcDatabase={-1}frontend.ldif
`-- cn=config.ldif
</code></pre></li>
<li><p>文件<code>cn=config/cn=schema/cn={0}test.ldif</code>就是生成的‘ldif’文件，编辑此文件：</p>

<p>将</p>

<pre><code>dn: cn={0}test
objectClass: olcSchemaConfig
cn: {0}test
</code></pre>

<p>修改为</p>

<pre><code>dn: cn=test,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: test
</code></pre>

<p>删除以下几行：</p>

<pre><code>structuralObjectClass: olcSchemaConfig
entryUUID: 9530cb4a-9845-1032-9b5c-15d9e32663bc
creatorsName: cn=config
createTimestamp: 20130813092213Z
entryCSN: 20130813092213.368308Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130813092213Z
</code></pre>

<p>最终文件变为</p>

<pre><code>dn: cn=test,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: test
olcObjectIdentifier: {0}testOID 1.1.1.1
olcObjectIdentifier: {1}testAttr testOID:1
olcObjectIdentifier: {2}testObject testOID:2
olcAttributeTypes: {0}( testAttr NAME 'testattr' DESC 'Test attribute' E    QUALIT Y caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( testObject NAME 'testObject' DESC 'Just for test'     AUXILIARY MAY testattr )
</code></pre></li>
<li><p>将‘ldif’文件内容导入ldap数据库</p>

<pre><code>$sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f cn\=test.ldif
</code></pre></li>
<li><p>检查导入结果</p>

<pre><code>$sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
</code></pre></li>
</ol>

	</section>
	<section class="meta">
		<span class="tags">Tagged by 
			<a href="/tags/OpenLDAP.html">OpenLDAP</a>
		</span>

		<span class="time">&nbsp;<time datetime="2013-08-19">2013-08-19</time></span>
	</section>
	<div id="disqus_thread"></div>
<script type="text/javascript">
    var disqus_shortname = 'zqqf16';
    (function() {
        var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
        dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
        (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
    })();
</script>
<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>

<hr/>


        </section>
     </article>
	 <div id="copy">&copy; Powered by <a href="https://github.com/zqqf16/zqqf16.github.com" title="Peanut">Peanut</a> | Themed by <a href="http://lhzhang.com" title="sext ii">sext ii</a></div>
      </div>
    </div> <!--! end of #container -->
    <script type="text/javascript">
        var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
        document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3F0100dcff30150b1fe336a8b5d0d50684' type='text/javascript'%3E%3C/script%3E"));
    </script>
  </body>
</html>
